Snort mailing list archives
Snort 2.9.2 Now Available
From: Snort Releases <snortreleases () snort org>
Date: Wed, 14 Dec 2011 17:52:35 -0500
Snort 2.9.2 is now available on snort.org, at http://www.snort.org/snort-downloads/ in the Latest Release section. 2.9.0 RC & later packages are signed with a new PGP key (that is signed with the previous key). Snort 2.9.2 introduces the following new capabilities: * SCADA (DNP3 and Modbus) preprocessors. Added two new preprocessors to support writing rules for detecting attacks for control systems. New rule keywords are supported, and DNP3 leverages Stream5 PAF support for TCP reassembly. See the Snort Manual, README.dnp3 and README.modbus for details of the configurations and new rule options. * GTP decoding and preprocessor. Updated the Snort packet decoders and added a preprocessor to support detecting attacks over GTP (GPRS Tunneling Protocol). Snort's GTP support handles multiple versions of GTP and has a rich configuration set. See the Snort Manual and README.GTP for details. * Updates to the HTTP preprocessor to normalize HTTP responses that include javascript escaped data in the HTTP response body. This expands Snort's coverage in detecting HTTP client-side attacks. See the Snort Manual and README.http_inspect for configuration details. * Added Protocol-Aware Flushing (PAF) support for FTP. Additionally, the following updates and improvements have been made: * Updates to Stream preprocessor to be able to track and store "stream" data for non TCP/UDP flows. Also improvements to handle when memory associated with a blocked stream is released and usable for other connections. * Updates to dce_stub_data to make it act the same as file_data and pkt_data rule option keywords in how it interacts with subsequent content/pcre/etc rule options. * Updates to how Snort handles and processes signals received from the OS. * Enabled logging of normalized JavaScript to unified2 without the use of the --enable-sourcefire configuration option. * Improved handling of gaps and overlaps for "first" and "vista" policies in Stream5. * Added support for signal handler customization. At compile-time, Snort can be customized to use different signal numbers. This allows problems with overlapping signals to be fixed on a per-platform basis, which is especially helpful for the BSDs. See the Snort Manual for more details. Please see the Release Notes and ChangeLog for more details. Please submit bugs, questions, and feedback to bugs () snort org. Happy Snorting! The Snort Release Team ------------------------------------------------------------------------------ Cloud Computing - Latest Buzzword or a Glimpse of the Future? This paper surveys cloud computing today: What are the benefits? Why are businesses embracing it? What are its payoffs and pitfalls? http://www.accelacomm.com/jaw/sdnl/114/51425149/ _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort 2.9.2 Now Available Snort Releases (Dec 14)
- <Possible follow-ups>
- Snort 2.9.2 Now Available Snort Releases (Dec 14)